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1. INTRODUCTION 

Cloud computing has become a tremendous means of technology in the IT industry by offering several 
important benefits. It allows us to set up what is essentially a virtual office and gives us the flexibility of 
connecting to us anywhere, any time. Instead of purchasing and installing expensive equipment, we can use 
the resources of our cloud computing service provider to reduce the cost of system upgrades such as new 
hardware and software. On cloud, it is also easier to scale up or scale down our storage needs quickly to suit 
our situation, therefore allowing flexibility as our requirements change. In case of unexpected crisis, such as 
power failure, having the data stored in the cloud guarantees that it is properly backed up and minimize the loss 
of productivity. Using cloud services is also cost effective as users pay for the services that are being used by 
them either fully or partially, e.g. pay per use model [1-3]. 

Cloud computing provides the interaction between clients and the server with different layers. 
Software as a Service (SaaS) [4] provides different applications as a service but user is not allowed to make any 
changes in the service, for example, google Apps, sales force.com. Platform as a Service (PaaS) [5] provides 
a platform so that customer can run their application on the cloud platform. However, user cannot make any 
changes to the platform as their control are limited to the application only. Infrastructure as a Service (IaaS) [6] 
provides the set of hardware and software, storage devices, CPU cycles and other components that make it 
easier to use the above services. In this way, users gain full control over the structure as they can modify or 
update it according to their requirements [1,7, 8]. 
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Cloud computing provides three deployment models: private, public and hybrid (as show in Figure 1). 
Public clouds are the most popular way of cloud deployment in which the cloud resources are owned and 
operated by a third-party service provider and can be shared between different business enterprises and 
organizations [9]. Clients access services and manage their individual accounts using a web browser, e.g. 
Microsoft Azure. A private cloud consists of computing resources used exclusively by one client and cannot 
be shared with external parties. It is completely managed by internal policy schemes which ensure that the 
hardware and software are dedicated solely to the client’s organization. Hybrid clouds combine on-premises 
private clouds infrastructure with public clouds so that organizations can acquire the advantages of both by 
moving the data and applications between private and public clouds for better flexibility and new deployment 
options [1, 10]. 






Hybrid Cloud 


Private/ 


Premises Cloud 





Off Premises Cloud 


Figure 1. Cloud computing deployment model 


In a cloud architecture, it is very important to ensure data integrity which guarantees that data can only 
be accessed and modified by appropriate authorized entities. Itis a possibility that sometimes, the cloud service 
providers may discard or alter the data without saving in the storage space or keeping backups or replicas. It is 
also possible that cloud service providers may hide any accidental data loss and claim that the clients’ data are 
still stored in the cloud storage [11-14]. As a result, data integrity verification at untrusted servers remains as 
one of the biggest concerns with cloud data storage [15]. 

The proposed work is going to identify a simplified methodology to reconstruct a secret that 1s 
distributed using Shamir’s Secret Sharing Scheme [16, 17], and to use the derived results to investigate 
implications on Advanced Encryption Standard (AES) [8, 18] and examine the computation integrity of the 
data that is outsourced from the local storage to decentralized servers on the clouds. In reality, the users no 
longer have physical possession of possibly large size of outsourced data which makes the integrity protection 
in the cloud computing a very challenging and potentially formidable task. 

We studied different algorithms that are efficiently working in cloud communication decentralized 
environment. But there is a great deal of chances of improvement. Specifically, we can focus on the following: 

(a) In decentralized cloud communication, security is not assured with each participating virtual 
machines [19]. 

(b) Consistency of data or compromise in the length of data is another major security issue in cloud 
communication. 

(c) Communication overhead is increased when we have to communicate with number of machines for 
retrieving the data. 

(d) Storing the short password on the cloud is challenging. 

(e) Due to low security, trust factor is also decreased. 
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2. PROBLEM FORMULATION 

We analyzed and concluded that when data is encrypted with stronger algorithms like AES [20] and 
others, AES works in 64 bit, 128 bit, 256 bit key length and provides a stronger encryption [8]. The limitations 
of AES are only the lack of implementation and key management [10]. That makes it vulnerable to brute force 
attack. Secret sharing scheme is working in multicast group where a number of users are sharing sensitive 
information and trying to perform the complete information confidential [17,21]. Encryption and multicast 
group communication can be used together to improve the performance of both. Integrity of the cloud data is 
to be enhanced by mentioned technique. 


3. BACKGROUND 
3.1. Secret sharing algorithm 

Secret sharing scheme (SSS) is used when we want to divide our key into number of persons and 
we require all of the persons to be together at one place to get the unlock [16,22]. There is variant of secret 
sharing called Threshold secret sharing integers [17]. We present the list of steps of the secret sharing scheme 
in Algorithm 1. 


Algorithm 1 Secret Sharing Scheme (SSS) Algorithm 

/* Procedure */ 

1. D selects a field F and v different elements u1, u2, ..., Uy Æ O of F and interacts with u; to gtr party 
(i = 1,2,3,...,v). The secret S ia an element of F. 


2. D secretly and randomly selects t — 1 elements p2, ... , p+ of the field F. 


3. D calculate the shares 





t—1 
wi = S06 Pp O uj (i =1,2,...,0), (1) 
j=l 


4. When different parties want to compute secret, they interpolate and compute S using Lagrange interpolation 
mechanism: 


t t 
ee 


3.2. Limitations of SSS 

There is no provision applied for verifying integrity at each participating virtual machine. If threshold 
value is very low then security can be breached, if threshold value is high then computational complexity of 
overall system is will be increased. In classical secret sharing, shares are not produced randomly with time. 
No default encryption scheme is applied with the algorithm; it has to be embedded with any of the encryption 
technique [17, 21,23]. 


3.3. Entropy calculation 
Low entropy means that our source probably is not really random. In particular, if we have a random 


variable X that takes on values £1, %2,...,2n with probabilities p(x), p(v2),..., p(%n) respectively, then the 
entropy of X is: 
H(X) = — X np(2;)logp(a;) (3) 
i=l 


This value is maximized when all of the probabilities are the same. If we have 2” different symbols, 
that maximum value will be n bits of entropy per symbol. That is the theoretical maximum level of entropy 
that we can get. 
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4. PROPOSED MODEL 

AES is a widely adopted, highly efficient and secure encryption algorithm, used in cloud 
communication encryption [8, 11, 18]. In our proposed model, we applied AES technique and modified it 
to secure the cloud communication. We generalized the steps of AES encryption algorithm as follows: 


(a) Generate the number of rounds from the cipher key length 
(b) Initialize an array with data blocks 1.e plain text 

(c) Add the first round key to initial state of array 

(d) Implement nine rounds of state manipulation 

(e) Perform last and second last round of state manipulation 
(f) Use final state array as encrypted data Set (cipher text). 


We will now present two set of procedures that will elaborate the steps of our proposed model. 
At first, we will present the system setup process, followed by introducing the modified integrity 
enhancement module. 


4.1. Phase 1: System setup 

In the first phase, we present the system setup steps that contain the process of how to convert an 
input message to the corresponding hexadecimal form and how we apply polynomial interpolation process to 
generate number of shared for each virtual machine [24, 25]. The system setup steps are listed in Algorithm 2. 


Algorithm 2 System Setup 

/* Procedure */ 

. Choose NV virtual machines for communication 

. Calculate threshold value 7, = (w+) 

. Input a secret message M of L bytes 

. Convert the plaintext message M into hexadecimal 

. Convert the hexadecimal secret into integer 

. Apply polynomial interpolation mechanism to generate no of shares for each machine 
. Polynomial interpolation (M, Tp, N) 

. Store all points of polynomial 


OrANNNMNBWN 


4.2. Phase 2: Integrity enhancement module 

In phase 2, we represent the integrity enhancement module of our proposed system for each 
participating virtual machine. We applied the proposed module to enhance the adaptability of default 
encryption techniques. We present the basic steps of the integrity enhancement module in Algorithm 3. 


Algorithm 3 Integrity Enhancement Module 
/* Procedure */ 


1. Calculate authenticator key H, 
2. Divide the message M into chunks of 16 bytes 
3. Apply random function R+ to generate nonce, a one time unique random number 
4. Calculate MAC h,.(m) 
5. Calculate Q, 
L 

Q = T6 (4) 
6. Store individual message chunks {C1, C2,...,C,} of 16 bytes into the array Q[] 
7. Construct a polynomial function of {C1,C2,...,Cq} 
8. Evaluate the polynomial f(a) at r, additional key h,.(m) = f(r) 
9. Apply h, key on the message and generate cipher text of desired length 
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5. PROPOSED CLIENT-SERVER ARCHITECTURE 


In this section, we will discuss the client-server architecture that we have integrated into our proposed 
model. The proposed client-server architecture is presented in Figure 2. 


VM applies Encryption on plain text 













Send challenge to TPA 


Send proof to VM 


Stores the data to TPA 
Client sends 
Data to VM 


Report 
to Client 







Passes the 
encrypted data 
to CSP 


Generates shares 
of encrypted 
data and passes to 
number of clients 





Client 
Client registers VM of 
Cloud via CSP 


Figure 2. Proposed model 


(a) Client: Firstly client sends request to Cloud Service Provider (CSP) for granting access to virtual 
machine. Following the request from the client, the CSP acknowledges the client and grants access 
of the virtual machine of the cloud by providing user login and authentication code information. These 
secret information are generated randomly. After obtaining access, clients transfer plain text to Virtual 
machine. 

(b) Virtual machine (VM):- At this stage, high level of security is required for the data stored in the cloud 
sent from the client. In spite of the CSP being trustworthy, an efficient key encryption method is applied 
for securing the data that is stored in the private area of cloud. After encryption is adopted, the encrypted 
stream of data is passed to the CSP. 

(c) Cloud Service Provider: CSP passes the all data to TPA for storage. Here TPA is working as secured 
storage system by providing a transparent method for ensuring trust between the data owner (client) and 
the cloud server. This will not only help the clients to evaluate the risk of their subscribed service of 
the cloud server, but also will benefit the CSP to improve their cloud based service platform. 

(d) TPA: Stores all encrypted data 


6. SYSTEM FLOW OF PROPOSED ALGORITHM 

In the above section we discussed the problem of integrity in cloud environment and proposed two 
different algorithms that are working as the basic model of the proposed system. We designed an optimized 
integrity verification algorithm with variant of both. We ensured effective security by converting the input 
message to corresponding hexadecimal form and applied efficient polynomial interpolation process. 
Our proposed module also ensures integrity enhancement and verification for each individual virtual machines. 
The advantage of this scheme can be viewed in terms of achieving more security because of use of random 
function, reducing the length of the code using Huffman technique and finally ensuring transfer of long 
message between communicating parties using simple polynomial interpolation calculations. 

The proposed technique is working on increasing the strength of shares for secured distribution and 
construction. System is completely working on attack proof model. Strength of encryption data calculated 
is approximately 7.9. That is the maximum calculated results achieved till now. We present the flow of our 
proposed system in Figure 3. 
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Figure 3. Flow chart of proposed system 


7. RESULTS AND DISCUSSION 

In this section, we present the experimental results on our proposed system and discuss our findings 
accordingly. Here is the compilation of the basic or standard approach 6.47 out of 8 and in the designed 
optimized approach it’s approximately 7.9. The screenshots of the entropy calculation by the standard AES 
and the polynomial AES are shown in Figure 4 and Figure 5 respectively. 
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Figure 5. AES-poly 1305 entropy 
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We present the comparison between the standard AES and the polynomial AES in Table 1. 
Our proposed system upgrade the entropy of AES with a variant of SSS in the cloud simulator environment. 
The standard AES algorithm showed entropy value of 6.47. In computing, a lack or lower of entropy can have 
a negative impact on performance and security. However, the proposed designed optimized approach gave 
entropy value of 7.94, which means improved performance and enhanced security in the cloud computing. 
Therefore, the AES-poly 1305 performance is improved by 22% than the standard AES algorithm. 


Table 1. Comparisons of encryption algorithms 


Encryption Algorithm Entropy 
AES 6.47 
AES-Poly1305 7.94 


8. CONCLUSION 


In this paper, we presented a model that effectively address the issue of the data loss on cloud in case 
of dealing with storing personal data which is not transparent to users.We introduce a new entity in terms of a 
virtual machine that provides services and assurance beyond service level agreement (SLA). In the proposed 
model, a role of data handling and security is assured with association of third party auditor (TPA) by the virtual 
machine. We further demonstrate the applied technique for encryption, decryption and integrity verification 
modules. We also upgrade the entropy of the advanced encryption standard (AES) with a variant of secret 
sharing scheme in the environment of cloud simulator. Experimental results suggested that the proposed model 
has a great potential in addressing complicated security issues on the cloud. 
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